Skip to main content

tv   Road to the White House  CSPAN  November 19, 2012 12:30am-2:00am EST

12:30 am
afternoon. we have the easiest access to the european markets, the largest gold market on earth. we of some of the best universities in the world, and we have here in london one of the world's leading financial centers. we have architect of a we have a architect of the largest computer and the worldwide web. we had had a trade surplus last year for first time in almost ho years. and with technology investment many the u.k., now at 10-year high, it's not just the omed industries that are growing again, it is the new. so with all this and more, i truly believe that in this new century, just as in the centurys that came before, our done fri, britain can succeed. so let me turn. helping britain sell abroad is
12:31 am
the fy tall part of the answer. but winning abroad actually begins at home. our country will only rise if we let our people rise. if we break aspiration and those who wanted to get on in life that means sorting out our welfare system and education because the most powerful natural resources we have are our people. i took the whole cabinet today to an academy school in bristol to show the transformation we need in our education system right across country. we need schools with high standards and high expectations so all our children get a proper start in this new competitive world. of course, we also need to deal with the deaf so it we can safeguard low interest rates and give businesses the confidence to invest in britain and to create jobs for our people. and we need to reba lance our economy, to expand our private sector.
12:32 am
that is why we're cutting corporation tax rates to the lowest. it's why we've introduced system of the most generous tax breaks in start-ups available anywhere in the world and it's why we've got a paid in box so you only pay 10% tax on intellectual property you ex-employed here in the u.k. but building a truly aspirational economy requires something else even more fundamental to restore our competitiveness. i have long believed together with michael hassellcline and others that reducing tax, cutting regular collation that's not enough. we need a more strategic, modern approach to maintain our global comparive advantage and make the most of it. we need what i call a modern industrial strategy. not keeping dead industries on
12:33 am
life support like the industrial strategy of the 19 0's but supporting companies where we have a competitive edge and encouraging the high growth industries and companies of the future. creating an ambitious, coordinated and muscular approach to government which allows them to fluorescentish. let me give you a couple of examples. we have a comparative advantage in pharmaceuticals in life sciences. so we've created $180 million pound to bridge that gap between the laboratory and the market to create the next generation of world beating fecknologies and medicines and our actions are drawing millions of investments from the private sector. we have great resources in
12:34 am
energy. so in energy, we've committed a billion pounds for carbon capture and storage one of the key technologies of the future. we've created the world's first green investment bank. we're pioneering a new incentive for renewable heat systems in people's homes. and we're putting in place a robust framework to incentivize renewable electricity. as a result more than 12 billion pounds have been committed to new renewable projects in the u.k. in the past 18 months alone with the potential to support around 20,000 new jobs. we've also created new incentives to squeeze more oil and gas out of the north sea including from those marginal fields. look at the way we got behind tech city right here in london. two years ago, they were aren't around 200 digital companies in shortage.
12:35 am
today there are 1,200. and with major tech companies like amazon, and facebook developing developing centers this has been the fastest growing technology cluster all around the world. we'll be publicish -- publishing articles next year with more to come this government action is vital if britain is to win in the global race. but a modern industrial strategy will only truly work if it addresses a number of vital issues. first, pursuing a modern industrial strategy does not mean being anti-finance. tell me this -- which sector, which single sector of our economy contributed from all government revenue even from the recession? which sector has a balance surplus with the rest of the
12:36 am
world world more than $600 million pounds? and of course, it is our financial services. terrible mistakes were made and they immediate to be addressed properly so they can never happen again. but those who think the answer is just to trash the banks would end up trashing britain. i say recognize the enormous strength and potential of our financial sector, regulate it properly then get behind it. now, that is why we're taking tough action. tough, civil and criminal penalties for those who break the law. the most transparent rules of any financial center anywhere in the world. and a proper program that clear up the regulatory mess including retail banking to protect it from the risks of investment banking. put simply as marvin king has
12:37 am
said we need a regime where banks can fail without the need for taxpayers to bail them out. we are also standing up for our financial services sector in europe. the city of europe someone of the e.u.'s biggest assets. and it play as crucial role in fueling the whole of the european union economy. so we will fight for rules which deliver open markets, competitiveness and new market access opportunities globally. and yes, while we support the need for greater integration within the euro zone including through a banking union, make no mistake, we will never allow banking union to compromise our fair access to the single market. so modern industrial strategy must utilize our greatest strength and that includes our financial services. second, we must support all sectors of the economy where we have a comparative advantage and that includes defense.
12:38 am
now, i understand why some people are a bit squeamish about ministers flying off around the world to help our defense industry do deals abroad. but let me say this -- britain has the most rigorous arms export licensing regime in the whole world. and that is how it will stay. but there is a more fundamental point here. every country in our world has a right to self-defense. and you cannot expect every country to be self-sufficient in providing the tanks and ships that are required. some when britain has a very strong defense industry with 300,000 jobs depending on it, it's righting that we should be at the forefront of this market supporting british jobs and british allies. that's why last week in the gulf, i was pushing for null contracts for typhoon jets worth billions of pounds and thousands of british jobs. that is vital new business for britain and i make no apology for going out there and trying
12:39 am
to help win it. third, the modern industrial strategy cannot just be about backing the incumbents, the established companies. it needs to unleash the power of the insurjenlts, the new kids on the block. 95% of all new jobs in america come from companys that are less than five years olds. u.k. research shows that the 6th% of companies with the fastest growth rate, they generate over half of all the new jobs. yet government policy here has long bin laden stacked against the high growth start-ups. when i became prime minister -- yet government policy here has long been stacked against the high growth start-ups. i.t. spending went to seven multinational companies. now, we are changing all that, tearing up the rules and opening up government
12:40 am
procurement to start-ups, spending hundreds of millions with venture capital investments and we're working with the london stock exchange to make it easier for insurgent companies from right across europe to float here in london because that is is a vital part of how we attract the entrepreneurial businesses and investors who will generate the job and the growth that we need. now, fourth, there are those who think that a modern industrial strategy is just about empowering the regions. yes, our country has become far too centralized. and with city deals and proper business partnerships, we're changing that. but we need bold national decisions too. whether it is cross rail, high speed too, new nuclear power stations, all the process we've established to make one of the biggest decisions of all how best to get the airport
12:41 am
capacity we need for the future. we also need national decisions to kick start in key sectors just like with the green investment bank and the business bank to get lending moving for s.m.e.'s. at the heart of a modern successful strategy is the veening power of national government to get behind what works and to position our key sectors. so they have the best chance of winning in the global race. now finally, we must never let as some countries do a modern industrial strategy be a cover for protectionism. i know that some people look at, for instance, tartar taking over jaguar or land rover and ask shouldn't we do something to stop it? the answer is no, we should not. one of britain's great u.s. piece, one of our great sales proposition is our openness and this openness is a vital part
12:42 am
of our modern industrial strategy. the fact that we are such an open economy is a calling card for britain all over the world and internationally recognized. foreign investment creates jobs and wealth and growth. and far from weakening our base the investment actually strengthens it. look at our car industry. japanese investment. foreign investment is positively beneficial for british jobs in manufacturing and for the reba lansing of our economy that is so essential. and there is a similarly positive story on trade too. more free trade will mean more growth that's why i'm determined to leading new international trade agreements that will benefit britain inincluding e.u. deals with the u.s. and japan in the next
12:43 am
year. free trade in in our d.n.a. and with all the institutions and legal expertise here in london, we're not just a great country to trade with, we can also be a country of choice for others to trade in creating yet more growth and jobs for britain. so here we are in the heart of the city of london which has always been brilliant at innovating, which has always stayed one step ahead from lloyds of london the world's first insurance market frp trading in the 17th century. from the developing of global equities trading to the biggest islamic finance center outside the islamic world. from the western hop to the remnant b to the social investment fund. you're always one step ahead and that's the way it should stay. time and again the city of london has led the world and i know you can do so again.
12:44 am
and frankly, it is this pioneering, buccaneering spirit that will define the success of britain's industrial strategy. playing to our strengths, working out our advantages, unapologetic about backing business big and small. this is how together we will ensure that britain thrives and wins in this global race. thank you. [applause]
12:45 am
>> thele average new facebook use ser in indonesia, india or brazil right now. they're using a mobile phone primarily to access it because they haven't had an access to a broadband p.c. or laptop. there isn't an infrastructure of media that you have in the u.s. so a lot of americans will meet me and say facebook is combreat for gossiping and see what my friends are eating for lunch. but if you were to talk to somebody in the middle east you'd hear a different story which is that facebook was providing access to news to people that had unique access to information that they weren't able to get it otherwise and you get a much more sort of meaty story about what facebook means to them. >> more from facebook engineer chris cox with an insider's view of the company, thanksgiving day on c-span.
12:46 am
at 12:00 chief justice john roberts and at 10:ooh, we pay tribute to neil armstrong just before 11:00. >> live coverage here tomorrow on c-span. we'll look at immigration policy at the american enterprise institute. speakers include richard lamb of the sournl baptist convention. that's at sock a.m. eastern. then the c.e.o. of the new york stock exchange talks about the fiscal cliff. hosted by the brookings intuition that's at 1:00 p.m. eastern. tomorrow night former abc news reporter and anchor ted koppel talks about the future of network news. this is part of the series and it's on at 8:00 p.m. eastern. >> next c.i.a. security
12:47 am
director mary rose mccaffrey talks about cyber threats to national security. she's the first female director of security for any u.s. intelligence agency. her remarks are about an hour. >> all right. if we could make our way to our seats, please. all right. welcome back to if eighth annual global security symposium here at the arnott call university in prescott, arizona. i'm an assistant professor anded with the studies. it's my distinct pleasure to introduce an important woman not just because she's a woman but because of her position in
12:48 am
the intelligence and security world today, ms. mary rose mccaffrey. she was named the director for the central intelligence agency in 20111. prior to this she was the director for the c.i.a., not the culinary institute of america, of course but the central intelligence agget sit. director of the intelligent unit in the national reconnaissance office. she has had many tours and stops from the d.o.d. of the department of defense, united states navy and the director of national intelligence. she has worked matters related to security, policy analysis, operations, you name it the litany of the security business. she went to a smalm school in vermont st. michael's college if i'm saying that correctly
12:49 am
which means she is a purple knight. please give her a warm round a very exciting moment for our university for miss mary mccaffrey. [applause] >> well, first can everybody hear me? >> yes. i was asking mr. finston if everybody thought i was giving out halloween candy. first i want to thank each and every one of you today. know that school is more important than listening to me. two who came from the industry, thank you for taking time out of your busy day. i have had an absolutely extraordinary moment with your students. first and foremost i am very optimistic about our future because each and every one of you give me great faith that whatever challenge is the intelligence community, the
12:50 am
national security of the united states is safe. we are well poised and postured to deter them and figure out a solution. so thank you very much for the invitation. second point for those of you is even in the intelligence community, they actually are getting to a point in time where the gender bias is being corrected. i am after 65 years the first female director of security for any community intelligence agency. so -- [applause] so as many of you had asked, you know, that -- when we were asking you what you wanted to do with your life just two words of wisdom. my parents died before they knew i had a real job because i kept moving jobs. so when i tell you it's just a stop on the way if you give whatever your employer is 100% of your passion of your work
12:51 am
ethic and contributing to their mission you will always be happy and your next job will find you brve you find it. so fear not. there's a long road ahead of you. most importantly, i am absolutely thrilled to be here to your national security, symposium. aplaud academic institutions like embry riddle for sponsoring such an event. many of you know that cyber intelligence is just a new world of intelligence for the community. national security is absolutely critical to the united states defense, to our ability to operate globally and at universities like this will help us get to where we need to be. the skills we need tomorrow are very different than the kills we have today. and -- than the skills we have today. and that's exactly why i was asked to join you today. you will develop us help us develop the next cyber
12:52 am
security. and you will help us protect our infrastructure. cyber attacks have increased over the last decade. i can tell you for a fact that the c.i.a..gov gets a million hits a year that's a lot of people trying to come into your system for bood or bad purposes. these happen to be not so bad purposes. your development of becoming a professional in this business will absolutely be fundamental to our future. so when you're having a hard time with the professor, with the course, everyone of your professors is there to help you success. you're internalships your co-ops and you keep looking for the stars because you will find it. so let me step back a little bit because we're talking about cyber today. and we're talking about national security in the 21st century. but i need to give you a little bit of history of why cyber is
12:53 am
so critical. if you remember world war ii was the turning point for us. you know, december th, 1941 was the day of infamy. mest of you in this room are too young to remember when your parents or your grand parents probably are not too young to remember when we used to have drigged. the alarms would go off and you would get into your desk. this thing called a nuclear threat was a problem. but the cold war focused on russia and the united states. so fast forward. you have vietnam. vietnam san adventure on to itself in terms of north and south vietnam. many of you in this room may have served in vietnam. then you moved fast forward and we were going have russia. the berlin wall came down and we were going to get some benefits of that peace
12:54 am
dividends. peace was not big run rush it was a multiple stand. pick a stand. they became a challenge in stability of government, stability of resources and stability of the data we knew about those particular companies. move on forward, 9/11 happens. every one of you remember when you were. i was on the steps of the pentagon. i little literally walked out of the building that day. i was there for a meeting. i remember hearing on that gorgeous blue day an absolute eerie sound. it was like a plane had taken a wrong turn. i didn't know it was a plane because planes go up and down the potomac river. i am of the bottom of the stairs. the plane hit the building. i did not know where i was sitting that two other planes could have hit the world trade
12:55 am
center. we have cnn or c-span trailing but we didn't visit on. well, my first reaction, funny, we all have self-reservation. i just ripped my panty hose. my second reaction is holy smokes there's a lot of smoke coming out of that building. one of things i don't like about if pentagon is you have very few parking. from that point on, ladies and gentlemen, our world and the united states and around the world has changed. that's where we move forward to today's event because cyber has taken a huge role and place in that world since. so very soon after 911, the united states started a global
12:56 am
war in europe. started in afghanistan went to iraq, and is now in the military. there are huge challenges about stabilities of government and stabilities of our roles in those countries. we will continue to address what needs to be done in that environment. none of that is done without our dependence and our environmentment in the cyber world. the cyber domain and each and every one of us have become inseparable. tegnonk drives everything we do. -- technology drives everything we do. it resides in private sector. let me repeat that. the vast majority of our infrastructure in the united states resides in the private sector. the national security risks and the economic risks are still with the private sector. remember the government doesn't
12:57 am
do it alone. our partners are the private sector. whether you work for the government or you work for private sector you can contribute no matter where you are. in whatever professional desire is. >> it's private sectors, holds as lot of data. and they're protection to the united states priorities is of a national important. the president declared recent lip and i quote. this is in the top five. the cyber threat is one of the most serious economic and national security challenges we face as a nation and america's economic prosperity in the sunshinery -- century depends
12:58 am
on that. we have more information than most countries of the world. we'll hear why that's important a little bit later. the c.i.a.'s primary job. if you ask the new james bond movie is out. it's not quite like that. the c.i.a.'s primary role in the protection of our own systems is paramount. but our real primary world in the sishe world is to inform the policymaker and to enform the decision makers on what they're to do next. we determine capability, intent and we conduct analysis in classified and the cyber environment to enforce the policymakers. in the u.s. government there are four big players.
12:59 am
d.h.s., department of homeland security is responsible for the intrastructure. the fibble does have the law enforcement peace. you know exactly why that have the law enforcement line peace. he has the psycher command to drive the infrastructure by which we're going to deploy there. c.i.a. doesn't do that work but we can't do our work without collaborating and working with them. despite the fact no matter what the news says, we don't do this alone. we co it with the private partners. c.i.a. does partner with our agency. we partner with all of these
1:00 am
agencies to get the best match for the person because remember, we're investing in the future and the future is you. at some point i will say i'm going beat us. it's important to get the officer we can for the challenge we have. we recognize that we don't hold all the chris cal information and we recognize that the partnership in government, public, private, law enforcement. many of you probably never heard those words prior to 911 because for all the facts we didn't necessarily worry about that. nba did stuff really well. d.o.d. does stuff really well.
1:01 am
but now we can't afford to separate differently. having been in the business, i can tell you that the partnerships have been absolutely critical to each of our individual successes. we have to operate in a fed rated approach to ensure we secure the infrastructure. we have to support corporation education awareness. any time there is a crisis around the world did they communicate with one another? did policymakers and ticket agency as sha van said, did that talk to one another. and they're talking pretty regular liss. we have to rely upon one another because there's not infinite money, infinite opportunity to put the problem set in front of every agency.
1:02 am
but if you put the problem set in front of them all and they all work their piece you get a better end product. you have to -- what we share, how we share it and when we share it is absolutely just in time. you can motte afford to have somebody find out information after the fact. monday morning quarterbacks are absolutely famous in washington. you also have to remember that each of these agencies in the direct tor of national security. there are 16 agencies who all have a specific punks -- specific missions to do. oftentimes one of the questions i will get from audience is in the business of intelligence since specifically for her
1:03 am
being the director, what keeps you up at nine. >> well, there's a lot. lady revlon is sa wonderful thing but the reality is i'm always worried about people because it doesn't matter what you do. everything we do involves people. and so i'm always worried about people in harm's way. my second big worry, i will tell you is cyber. in the last 10 years, i have been called out of bed more times because somebody had -- every one in a while we have to figure out. cyber worries me. every one of you has least one stone. it's a wonderful tool. but i will tell you'll those tools can be used to our benefit. so we are worried about that.
1:04 am
we spend a lot of time and effort protecting our met work, protecting fat which we consider the crown jewel because in c.i.a.'s business which is collecting human intelligence. if it does get exposed people are affects. and that's not a good thing. so she might come. probably meteorologist a gold. but it's probably growing as fast. you got to put it in perspective. potentially profiting business. if you're a banking industry why work about your competitor. and you can put something on their essence.
1:05 am
it is just an extension of espionage for us. this is the clan december tinl con sen bration. our integrity and the availability of our systems and our data. i think we all know and no matter what movie you've seen if you've never seen any movies, how devastating. the impact to our national would be. if certain information fell into the wrong hands and happened post wikileaks. we also mo the challenges we face in protecting this information. it is not an e easy pete given the level of both the technology or adversaries. something is having a good day.
1:06 am
let's see if i can do this. so who are theired a vowskerees. they can be single and have we talked about -- we have four teams or the special agent was talking about this morning about damn nouse. they're like an abieba. they can change deposit pendsing spon, -- what's the words i want? depending upon the sflaver of the day. that's probably the best way you can say it. how much money do you think would be lost if the drug carpels -- cartels went out of business? it's a very proisting business. the cyber stuff.
1:07 am
>> we have nonstate sponsored organization. think about the air of upriding last summer. start it with a fruit vendor and tuna, a single fruit vendor. if he was tired of getting shaken down by the local, what i would call guy on the corcher because he had the same spot, he supported a family. his father had been killed and he supported his candy by selling prute every day. you know what, they took more money. every time they got a bad take they would put it in the bill. and he got tired of it one kay. and this is the power of one. and he lit himself on fire and
1:08 am
he started an uprising. and every one of those countrys that figured if he could do it, we could do it. did. fear later. think about it. you know, awe catic government. we're overthrown by the power of one. and it was all via cell phone. so think about that. some of the folks didn't have running water. so it's really porcht to -- important to understand the power of what technology can do both for good and for back. we have a lot of these folks trying to disrespect u.s. networks. and that's not just -- that's u.s. networkings. every one of the country, honeywell, raytheon, pick a big
1:09 am
defense company. the information is protected on those networks. they build things. everyone in knows it was a capability. >> they can leverage and repackage publically available tools. some of the students were showing us some of the tools that they're available. we can do a combreat deal of harm. they have an under ground community that's better than mote. they make system of the luggage loads -- new exploits to things
1:10 am
that any whether the u.s. government has been able to defend and deter. as the speakers this morning told you, the reality is our job is to anticipate, but when you cannot it you have to figure out how do i get joined whether it's a signature base, a tool base, a spear fishing. how do i get behind it. and if i can't get onit how do i defend against it at my mex -- work. they use a lot of information that we produce. your companies, the intelligence community, the open source information, social media on facebook and twitter.
1:11 am
i have a 23-year-old niese who just got out of college and just got a jofpblet and i sent her a message on facebook and she said that's so lame rosie. it's instagram. oh, man am i getting old. but think about it. you don't call your parents. and your parents sure as heck don't call you. right folks? i seed some nodding heads. remember alaska using facebook, twitter and instagram as a wonderful recruiting tool. do you know who you're talking to on those networks. just think about it. when the special agent said we're anonymous, can we play? just think about it. they use forms like this. there is not one dale where i don't get ooh lengthing in
1:12 am
request. if i don't know you i ant clicking. they use technology. the mini little ipad just came out. that's a good deal. think of all the people that were in that room that may not have been part of apple. people like apple, google, face book. man, they protect their tech nology. they were tell meg that when a new product comes out they don't see it until the day the rest of the world series. then they hurried to get the guy out of the street that necknology is go ahead. they have to pay real close attention for protecting it. they use academics. a far number of people -- we
1:13 am
have the best school systems in the world ladies and gentlemen. they use commercial enterprises. there's a lot of shadow companies out there. a lot of people who think you're buying something but you're really buying something es. or they're buying your information and then selling it. they stay on the speck trupt most motives. they can be technology. can you imagine if somebody got this technology that they wouldn't have to spend the bills onon defense and intelligence and just commercial products. ment in the end, how is it? all in much. they were talking about the ok buy wall street. i have a tendency to have a fair amount of time at the white house. there are times that it's not a
1:14 am
great play to go through. it was literally right across from there. so you had to go buy these poem before you went to work every day. and it was just -- it was an adventure. and there are, you know, their gold may start very intent but december instruction. the damages to the infrastructure of the city of washington, d.c. was greater than their on occupation. population that thesed a ver zaireries go after, but they also go after people. last week we had an event at c.i.a. whether we all got notified that you know, our names and our c.i.a..government. had been pulled together by a particular thing. they started to tie to do some target target me.
1:15 am
but for some other people that's a real problem. they'll gol after the easy stuff but they'll also go after the hard things. they'll go after delsh they think they can get a big bang for the buck. so they're going to gather everything they can. it's easier to scoop it up. it's only until the exploit around the bottom tells you what's on that sat light but these guys can scoom um a lot of information. so private industry supports the government in information we do. nowtial we have a whole series of laws, directors that require us to protect our data. by the way there's the bottom
1:16 am
line. they do go after industry. they go after political groups. they go after on the news, it's political season. seven days away grr an election and the worlds' just crazy on that. they're going to go after single individuals if they can fert something. they went after a kingle individuals a day. so they went after them that becomes a real problem because they're family. it starteds innocent but it doesn't always end innocent. some of the ways that c.i.a. has to worry about is two primarily. we worry about computer network and exploitation. the reason i said that the network exploitation, i spent a lot of time and money.
1:17 am
they equate computer network at our espionage. that becomes a port. they want to break in, steal, or mad fy the information that we have on our. is they seek, you know, not attributed about. they have access to our data. wouldn't it be nice if someone knew what the director or the president were going to do before he was going to do it. technology shift give -- every one of the companies who build aplineses who build operating system. here's always the first. and in every version there is a
1:18 am
vulnerability. so sometimes those vulnerability ability provide wonderful opportunity first disruption. you can well nadge the u.s. government works very closely with companies like apple. primarily because everybody uses the technology. much like when they do. i'm try the problem isn't abc. we fixed it. so we have a very robust we have a robust system of network defense. you'll have to get through the line more than normal. we worry about it pretty dramatically. the number of the vices such as your smartphone, your lap to be your ipad.
1:19 am
they're going to literally ex-teed 5 combl by 2015. i'm not sure that a lot of intrastructure is going to feed that. but those devices well. motte only in how we ornte and how we work, where we work. our computer network attacked folks. they're winning the intel city of our sg or the data. and they share information athe community network. that commuter network has like any network somebody's always looking if a whole in it. so they can take that information and use it to a benefit that's not necessarily its intendsed purpose. we get lots of figuring
1:20 am
attacks. here fell you, you know what, you may y'all, and everybody who thinks, he's olds. we do fishing and taxes to my employee. it's very often to me but every year click on it. the first year i send him a reminder descending who's who. i want to use the two by four, are you student. for any organization is strong. you know, don't give me bad board. they have to have a strong password. they get a whole set of laundry and how to work in that environment. we manage to have more about people who seem to miss it.
1:21 am
system of them are the rocket scientists and they're busy reating smm. i just didn't any. we have spear fishing that hit a lot of our principles. you all know that d.v.d. h. petraeus has been our director for a little over the year. he spent a -- he's so visible that literally every day we scan his computer because he has classified computers and un classified. how does he condition tpwhect all the buddies. he always gets one from some person. he has no idea who they are. we'll say, tir, just remember don't click on it. they need me. i'm like boss. you just have to -- everybody gets educated.
1:22 am
he has been so educated in this new job. and he is so smart and so busest but even four stars have their own to learn. half of our populationly overseas. that's -- we have a lot of i pads and they kind of put a lot of pieces of data. that may not in and of itself be classified but it's their buddies, hidden in the embassy. it's that buddy in the foreign service. thst they're buddy that they work with. attach something to that i phone. it's not something to do. and we -- and everything on that system then becomes suspect.
1:23 am
so we unfornl haughtily have lost. >> i just killed your sledge huh? someone got to be a personal friend and somebody picked up in the local government and killed it. you have to understand that our business is not about -- it's a nice vehicle. that's really important. everybody is worried about the service attack. the biggest impact of the nile service attack lately were to the u.s. financial institutions. early in october there was a whole bunch of the institutions. they thought it was just a fishing account but it was a pretty concerted denial on multiple banking institutions. might have been an hour or a couple of days. but those service attacks, the backes were not so worried about them because as a bank is not concerned about its own but
1:24 am
collectively it has a huge impact. so now all the banks have gone very similar things ha the intelligence community hasty. how many of you could not imagine getting to a.t.m. and getting money out or more importantly paying your bills. and that's a real thing. middle of october. the suspected attackers behind this, there's reporting all over the map. it is a state sponsor. so there's no definitive answer. we're talking trillions of dollars. each and every one of you probably has aven account. fargo bank of america, you know, city bank every one of them got affected. not all of them but they all
1:25 am
got affected. abc recently reported a targeted mall wear attack which we're calling minnie fling. so it will go after our director. it will go one of our director who is does a lot of work outside the conversation. and in essence those two kids i talked about, it took about four or five different tools kit. then it was able to dake screen shots and everything they were doing on that computer. in an environment like this, nobody really cares about it. that's a pretty big deal. every day to give the president the daily grief on what world events happened last night. the last thifpk he could adepord is to have someone with that audio capable.
1:26 am
so it really -- in essence takes everything on that computer. so we have some really smart people looking at this. fortunately for c.i.a. we have ha very good defensive operation. so we have, you know, your best defends is what you learn from europe. and so we've had the luxury of good offenses folks who help us with the defense. and to the military members in the audience you know the same scenario. we have no other concern. we were talking about this at lunch. july -- june, july, we had a big big storm. came across the midwest. it was called the low ray rainfall. there was so much wind it was like being in kansas, you know? it was like the wizard of oz
1:27 am
movie. what happened late rally the power went out in the mid-atlantic to three million people. that's a lot of people. now think about this. i work at a pretty prestigious organization. i worked at an organization that has generator, power plants. our power went out for 24 hours. now, can't really afford to have the president's eyes and ears power go out for 24. what happens was virginia power who gives us the primary seed had lost power everywhere. and you've come back in an order of priority. hospitals come first and then there's the whole bunch -- fortunately, we have the capacity. we have lots of ups. part of the workforce could work but the others couldn't. and they were working around
1:28 am
the clock. i don't think we. i just got power for 10 days. >> that refrigerator? gone. >> the damage in about an hour was pretty devastating. she ought to be cooling. you're all dependant upon a computer network. every one of you are dependent that operating your system. if somebody wanted to do arm to those, what would be the impact. so think about that. we have a whole population who wants to bring their own desires into the workplace. we don't let you. yours stay in your car. so we spend lots of -- now we're doing a lot of things to try to overcome that. we have a whole number of wireless things.
1:29 am
we have gaggles of i pads. but we do that. we are looking at a mobile environment. but the challenge is when you're taking that ipad what happens to him. do you trust that the person not handing to someone does not have ill intent. there's a lot of things that they're working through. but you think about that which operates your home. >> your heat, your power. they're pretty critical. you know, they were very concerned a couple of years ago about alaska coming after the power -- al-qaeda coming after america. they're -- they didn't necessarily say that. you know, i've given you a lot of doom and gloom but it's not
1:30 am
all that. i will tell you and i see some of you in the room, you are the best and the blightest and you are the future. but fire not there's a lot of really smart people that when you will decide both in traditional ways, non- traditional ways, and in innovation and technology that will help us develop new defensive platforms and we also have to look at the personnel. the folks we hired 10 years ago are not going to be the folks we need for the future. the folks who got tired when i got hired -- we all grew up with pre-computers, wangs, remember those boxes, and then a series of different technologies. early days -- they were just a word processor.
1:31 am
that is all it was. i am speaking to each and every one of you today. i will rely upon your talent, you are an annuity, your being able to think and outside the box. just remember, you can think bedside the box but you have to work in to insure what you are doing balances with the mission of whomever you are working for. it really does matter, let you are building planes for boeing, software for apple, or an app somewhere or working for the u.s. government. the ability for us to operate securely will be dependent upon you. and it will be dependent on what you bring to the table to inform those that you work for how to get beyond the problem at hand. there is a lot of intelligence partnerships going on today.
1:32 am
are they all they need to be? nope. there is a lot of private industry sharing today. is it all it needs to be? nope. every time we have an incident, and that is what we call them -- i have a team that spent a lot of time figuring out a post- mortem how did this happen, what was the impact, how do we make sure it does not happen again? to each and every one of them. the real lesson is not that we are not going to get hit, it is that, when you get hit, what do you lose and what do you learned from that? how you ensure you do not hit the same way? each one of you has learned that lesson in multiple ways in non- cyper environments. -- non-cyber environments. the first time he did not -- something not so smart and your parents taught you, what did you
1:33 am
learn? the first time -- what did you learn? it is really that what did you learn question that we take from everything we bring to a problem set. we continue, we have to look every attack as a new attack, even if it is an attack we have seen before, we look at it as a new attack. we work across the u.s. government to ensure that it does not come in waves. some of our wonderful folks working -- if you look at some of the activities going on in war zones, bonds due to come in threes. a suicide truck comes up, a bomber comes up, to have to worry about the third. it is it a symbol of that? what do we do to learn from that event? weekend -- conduct multiple damage assessments to ensure whether our methods of protection and defense are actor -- adequate.
1:34 am
sometimes we find out they are not and have to do something about it. furthermore, we have to strengthen every link in the chain. we were chatting today -- for 10 years, the supply chain has been a concern to u.s. government because everything got out sourced in the 1990's and a lot of it outsourced to china. do you know where the piece comes from, and you know if andfirmware in it -- and do you know if the firmware in it was modified? we have lots of people working on supply chain. we put our supply chain people, our network defenders, all in a wonderful, what i would call red team black team environments. i was laughing earlier when they showed the lab with the computers. my laptop is not that fancy, but they are the same kind of thing.
1:35 am
by attacking ourselves we learn more to be able to defend ourselves. we have to adapt as the u.s. government' in a corrective intelligence based approach by mitigating the element of surprise. i mean, i am not sure we could have never planned on the derecho. the nature is a pretty powerful character, but all other elements of surprise, most of the problems we have are because people do not pay attention. we were talking about passwords -- there are so many simple things you can do to protect yourself. encryption, insuring your network is strong, igor links are strong, -- your links are strong, then when you have a problem you can identify patterns. we informed our partners -- dhs, fbi, nsa, we sit on all these
1:36 am
policy boards so that we can all addressed the problem that is going to take us into the next century. as i said earlier, and i cannot say this enough, our best defense is going to be understanding the offense. as an intelligence organization we spend a lot of time in the offensive mode. we collect human intelligence. as we consider ways to address the threat in the 21st century, we have to also understand it is not all technology base. even out here you all have legislation that drives what you do every day. i would anticipate this year senator collins introduced a cyber security bill -- it was geared toward single owner of all things cyber. kind of hard when you have a couple million people working for the government. working through variations upon a theme, but i think in the end you will see legislation that
1:37 am
addresses standards of operating performance, standards of protection, and how each agency does it will be very different but there will be a standard. like a common definition lexicon -- there will be standards. laws that can define acceptable behavior in cyberspace -- every person on the face of the earth goes to a website that may not be what that website is. they are to checking that out. sometimes those website can cause a great -- pose a grave danger. we had to strengthen law enforcement possibility to prosecute cyber crime. my colleagues from the fbi and the department of justice will tell you it is a hard thing for them. yes, they were very successful with anonymous, but cyber crimes are very hard to prove. we have to focus on the
1:38 am
defensive posture. we have to focus on people. it is not a robot doing this. it is a human. at c.i.a. i spent a lot of time investigating people. everyone who works for us has a security clearance. i have embassies -- you name it. we have a pretty protected enclave. you do not. industry does not. from a standpoint of humans, their behavior and the trending -- when you see people -- we had a young man a couple years ago who went to what he called whitehouse.gov his employee. if you ever go to a computer it says is monitored -- that is not
1:39 am
in our jobs said. we have to focus on the people. it is the people who put in the keystrokes. we depend upon a trusted work force, secure facilities around the world, and networks that efficiently and robustly get information from point a to point b, and it does not matter whether it is in washington, d.c., some foreign country, or a mud hut in a war zone. the data has to move, and it is critical that we move it securely and safely. we have to have a robust system of defense. you would be amazed what people do want computers that they do not think anybody is watching. as i tell my employees, nothing a human does will ever surprise me. they think i have seen it all. it is amazing what audits will tell you. you cannot ever have a zero risk. i will tell you -- you will never be able to mitigate all
1:40 am
risk. because in the end you have to consider three things. what is it you are doing? what is your mission? what is the threat against your mission? how are you going to balance the posture of security in whatever form it is against those two other things? it will never be zero. the united states government and national security depends upon many agencies doing work -- they put themselves at risk every day. every day. to close, we all have a shared responsibility to help reduce the risk of cyber attacks personally, professionally, and across the u.s. government. this means each and every one of you, as one of our speakers this morning said, you are using all
1:41 am
the same passwords -- go change them. if you literally think nobody cares what is on your system, change that mind. because they do. we are going to need each and every one of you, we are going to need industry, we are going to need academia, we are going to need security and intelligence professionals, and the general public, to help us. we will always be better to gather then we are individually. and to increase our effectiveness as a nation we will need to foster a community, how to deal with this malicious cyber activity. because it is not reducing. i am honored to have been able to spend time with you. i will take some questions now we have some time.
1:42 am
>> it is my career ambition to silence the cia for one second. if you have questions -- up to this microphone so we can get you clearly on here. please make your way that way. >> i left and speechless. [laughter] i knew i could count on somebody. >> what do you think are the chances of a cyber attack actually leading to a real war? >> that microphone did not work -- what do i think that a real cyber attack will lead to a war? i will tell you, the u.s. government, there will be cyber attacks. will it lead to a war? i do not believe so. there are enough elements of the u.s. government across the entire government that will help
1:43 am
thwart that. there is just -- war is never the answer if you can do something else. yes, sir? >> do they need to be as offensive as you are defensive? >> is that a question or is it a comment? >> how about the rest of the world? >> yes, and they are pretty capable at its. that drives a fair amount of the offensive capacity. the rest of the world, as i said, there are countries where there is no running water and electricity but there are computers. so stable nation states, you have some posturing. we have lots of allied partners, a liaison partners, but you have to understand what your audience is. for the audience you have to understand what the nation capacity is, there nonstick
1:44 am
capacity. that is how we use that. >-- and non-state capacity. that is how we use it. [inaudible] >> the u.s. government does work in partnerships. although there are lots of media highlights out there that tell us we knew about an attack, we knew about a series of threats -- we did not know about an attack. there is an accountability review board under way by the department of state that will identify what we knew when, the true facts, and then those will be released. >> do you see move from conventional military forces to cyber military forces in the coming era? >> i would say you are going to see a change -- you are seeing a
1:45 am
change from conventional to a combination of all sources of capability. will you replace one with the other? absolutely not. i do not believe will ever replace one with the other. i can tell you that clearly you have so much of the defense budget and lots of other tools and you have to use them all. > first of all, thank you vey much for being here. congratulations to an agent at the cia and intelligence who i
1:46 am
believe using tiny bits of human intelligence was able after five or six years to locate bin laden. i believe her name was jan. this new legislation concerning cyber security -- does the congress have enough intelligence to go to people like you, industry, the fbi, to listen to what you actually need to improve our cyber defenses, or do they just make it up with a bunch of lawyers and politicians? i am a little sarcastic. >> you can be sarcastic. i believe that the current cyber intelligence has not been able to get through the house and the senate, which then leads you to say that one side believes they do not have the intelligence they need and they will need to
1:47 am
compromise. that is not a word that is easily done right now. i will tell you that it will not get signed this year but they are working through 8 and have access to all the information to make a smart decision. in the end. >> you are more optimistic than i am. thank you. >> get page to be optimistic. -- i get paid to be optimistic. yes, sir. >> my question is, how would you rate the united states cyber offensive and defensive capabilities compared to those of china and the other major players in the cyberworld? >> are we talking on a one, two, three rating? [laughter] i would say that with the exception of sheer numbers, remember, china has 2 billion people, that our -- china,
1:48 am
russia, both of them spend a fair amount of time on the cyber challenges and the cyber opportunities. they just have a lot more people. it is a baseball game. they have a lot more innings. yes, sir. >> you don't have a question, or are you telling me to shut up? you can do that. [laughter] >> i did not know if there was someone else before. is it correct that under the current patriot act any kind of information that is in a private company can be accessed from the government for security purposes? >> under the patriot act, in that scenario for security purposes, usually the fbi has the lead on that and has the ability to ask the company.
1:49 am
in the event of an arrest or prosecution they have the ability to subpoena that information but do not just walking and say i want to all your data. there is a provision that allows them, if they believe the ifa hasn't formation that can help them, if any prosecution, they can subpoena the information. >> hello, and thank you for being here. my question is, in recent years cyber security has taken a forefront in terms of even in the media. you have the stuxnet taken media by storm, iran, now a nation states are starting to throw it up and forth -- does that change the way that the intelligence industry is operated? or is it still business as usual, even though it is more in the limelight?
1:50 am
>> i will tell you that it does not change how they do it as much. literally cyber is another part of the intelligence business. there is a lot in the media -- there really is a lot in the media. everybody is informed by that information. some situations may cause them to change decisions, postures, practices, policy. some do not. it is really dependent upon the event, who was involved with it, what the issues are. like the newspaper reporter. you take the event, compare it against that, and you have to make a decision as an organization. >> to follow-up, has it at all changed, that it is more small- scale attacks? or potential large-scale attacks? not saying the united states did stuxnet, but large-scale attacks in that nature. >> i would say there are multiple large-scale cyber
1:51 am
activities in the federal government. >> my question is, the expanding network we are going to need for our future cell phones, future computers, much of the technology will provide the capacity to provide all this information flowing between those devices is currently provided by not so friendly countries, namely china and countries of that nature. is that something you guys are actively aware of, and what are some of the things being done about that? >> yes, we are completely aware of -- that is all part of supply chain issues. what are we doing about it? a host of things, none of which i am willing to share in this forum. good try. [laughter] we have one right there. your also clean cut.
1:52 am
when i went to college, people were not so clean-cut. >> would you consider the cyber ron to be the greatest threat to our national security, or would you also consider other things to be of equal importance or equally as threatening? >> i would tell you is not the greatest threat to our national security, actually. if you want to know the president worries about, you can go on to the white house and there are a number of parties the consensus of with. at the white house determines priorities -- we determine priorities. cyber is not at the top of that list. ok. one more. ladies and gentlemen, it has been a pleasure and i thank you very much. [applause]
1:53 am
[captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2012] >> we continue our look at cyber security with professor richard finston. this is an hour. >> are right. we are going to continue right along the schedule. our next speaker is mr. richard finston, a professor here at embry-riddle an aeronautical university. his talk for us is the threat landscape. [applause] >> ok, you have just seen in the very beginning of what a cyber attack might look like. [laughter] before i start, i have to, aside
1:54 am
from this is a really tough act to follow, following the presentation, she was also very insightful. she mentioned to me about an hour ago that really all those people who came in and filled the auditorium were not really coming early to hear me. she was right. [laughter] but okay, there has been a lot of great discussion today so far. a number of things have been brought up. i actually have some data to share with you that might answer some of the questions that popped up before. you have seen the presidential debates -- so far, all the data and back and forth, there is no one here to argue -- i think we all feel a little safer. but anyway, with that i would
1:55 am
get into it right now. what i will be talking about is the threat landscape. what you are going to see for the next few minutes is the kind of a offering more presentation describing what we are up against. as we get deeper and deeper into it, you will get more and more depressed. but then, toward the and i kind of offer a solution. the first boss i had when i graduated from college and went to where after being there, this was at hughes aircraft when howard hughes was still alive. i had been working there for two months. , walked in to my boss's office the secretary in front of his office, a senior engineer was in there talking to the boss, laying out all these problems
1:56 am
and issues. and he felt very proud of himself and sat down and just waited. the department manager, my boss, went right back at him and said, i cannot stand that. it is your job to bring the solutions, not problems. if i have to solve all your problems, i do not need you. just a word of advice as we move into the industry and our next life, your boss is going to be looking for solutions. articulate the problem, but no matter what, try to end on a positive note and articulate the solution also. it does not have to be the perfect one or the right one. many times it will not be. i will and this -- end this with an upbeat way of what we can do about this big threat. if you walk away with anything today other than the lights
1:57 am
going out and coming back on, kind of a basic paradigm that could stick with you -- it would be of immense value drug or life. -- throughout your life. a lock will only keep out an honest man, and that is particularly true in cyber security. i was very fortunate as i was asked to construct this presentation here -- the government accounting office when they were not giving out awards and las vegas were actually doing very good work. one thing they did was reveal cyber security threats across the u.s. government. this is a very recent report. this was published by the gao in april. it is on the internet. you can read it in its totality if you like. they have reports even more current on specific industry segments. but the gao went and looked at
1:58 am
the u.s. government, if you will. look at the weaknesses at 24 agencies. they are listed here. a bit of an eye test, but it is basically the department of agriculture, education, defense, homeland security, energy, commerce, state -- those major departments. data was collected from those. skip ahead for a second? the agency is not recorded are the white house, the central intelligence agency, the office of the director of national intelligence, and also 15 other members of intelligence agencies in what we call the intelligence community. those agencies -- .mil mail addresses, the dia, the defense intelligence agency, the national reconnaissance office, on and on -- those agencies
1:59 am
typically, we can understand why, i do not report portability's because that would be -- of vulnerability is because that beginning way too much help to those who would want to do us harm. that data is not included in what we will talk about now. but i will go from there -- excuse me for one second. i just realized i forgot my notes here. as we look at the 24 agencies reporting weaknesses they were categorized into five categories. first is access control, configuration management, contingency planning, and finally, security management. all 24 agencies reported problems and weaknesses in access control. what is access control? what is access control?

124 Views

info Stream Only

Uploaded by TV Archive on